Online HMAC-SHA1 Generator
HMAC-SHA1 produces a message authentication code (MAC) using the SHA-1 hash function and a secret key. Enter the message in the Input field and the key under "More settings", then click the button. Everything runs on your device.
Everything runs in your browser. Your data is never sent to our servers.
Example
Example Input
Message: hello world • Key: secret
Example Output
03376ee7ad7bbfceee98660439a4d8b125122a5a
How to Use
- 1Enter the message you want to authenticate in the Input field.
- 2Open "More settings" and fill in the Secret key (required).
- 3Click the Generate Hash button (or press Ctrl+Enter) to compute the HMAC-SHA1.
- 4The MAC result appears in the Output field. Click Copy to copy it.
About HMAC-SHA1
HMAC-SHA1 is the HMAC construction (RFC 2104) built on top of the SHA-1 hash function. HMAC combines a message with a secret key through two hashing stages to produce a message authentication code (MAC) that is 160 bits long.
How it works: HMAC computes H((key ⊕ opad) ∥ H((key ⊕ ipad) ∥ message)), where ipad and opad are padding constants. This two-layer structure protects against length-extension attacks and mixes the key securely.
HMAC-SHA1 is widely used for API verification (e.g. request signing), tokens (like the JWT HS-series), webhooks, and message integrity. Its security depends on keeping the key secret and the strength of SHA-1.
FAQ
What is HMAC-SHA1?
HMAC-SHA1 is an HMAC (Hash-based Message Authentication Code) that uses the hash function in its name together with a secret key. It verifies both the authenticity (created by the key holder) and integrity (unaltered) of a message.
Why does HMAC need a key?
Without a key, a plain hash only proves integrity, not authenticity — anyone can recompute it. The secret key ensures only parties holding the key can produce a valid MAC.
Is my data sent to a server?
No. HMAC-SHA1 is computed entirely in your browser. Your message and key never leave your device.